I have been using my current antivirus product for several years, and now that it has come up for renewal the cost has been advertised as US$100 rather than the US$70 which I have paid previously. Notwithstanding that I have had trouble with their support site and receiving replies, I also think that I am paying for more features than needed, such as parental controls and the backup/migration program which I have been encountering difficulty getting to work and support seems unable (or unwilling) to help! For years I have seen you recommend AVG, Spybot, Windows Defender, etc. and was wondering if I could safely just use Windows Defender and AVG on my Windows Vista computer. I only use the internet to visit known “trusted” sites such as Flickr, camera sites, Wikipedia, and internet banking.

You are right to be querying whether it is worth reinvesting in your antivirus product, given that you appear to be having difficulty gaining support for the product, together with paying for a number of features which you don’t actually use or need. You are correct that over the years I have recommended a number of free utilities to help protect your computer. However, just like technology, new products have been released so I have modified my listing of products which I recommend and will take this opportunity to provide a summary of the new items that you may wish to consider. First, if you are looking for a free antivirus product Microsoft has released a piece of software called Microsoft Security Essentials (www.microsoft.com/security_essentials). This is a free antivirus and antimalware product which performs quite well and also has a substantially smaller footprint than many other similar products. However, if you are looking for a more substantial and fully featured antivirus product then I also recommend ESET NOD32 Antivirus (www.nod32.com.au). This is not free, but at a price of $39.95 is a good quality product. Unlikely most other commercial antivirus products it has a very small footprint (similar to Microsoft Security Essentials) which means that it does not unnecessarily consume system resources and slow your computer down. It also does exactly what it advertises – antivirus and antimalware, rather than also having a huge number of other features (such as parental controls) which you may not use. While there are other versions of the NOD32 suite which do include these features, I would say that they are not particularly useful in your case so you may wish to go with the basic antivirus version of the software.

On that topic, you probably will notice that many antivirus products can come bundled with firewall functionality. A common question which I am asked is whether the firewall functionality of such products is useful. In my experience I have found that often such functionality is not particularly useful for the average home user and can actually slow down network access and system performance (given the negative performance impact which running the firewall has on the computer as a whole). Of course, whether there is a performance hit depends on the particular product but, as a general rule of thumb, anything running on the computer takes up resources and will impact the overall system performance to some degree. Therefore, you need to carefully consider whether running such additional software is necessary. I consider that a combination of a broadband router and the in-built Windows firewall is a good level of protection for most users. As you may have read in previous columns, an additional benefit of running a broadband router on your internet connection is that it protects all computers on the internal side of the router (i.e. your internal network) as it does not allow unsolicited traffic from the internet to be passed onto computers inside your internal network. Instead, the router will realise that the traffic has not been requested by a computer inside the network and will simply dispose of that traffic, and any potential malicious threats it contains. In contrast, when you are not running a broadband router but instead directly connect to the internet from a particular computer, the unsolicited traffic actually makes it to the end computer and needs to be dealt with at that point, rather than having a router filter the traffic so it never makes it to the computer. Broadband routers are commonly associated with being used to share an internet connection, but even if you do not wish to share internet (and only have one computer in your household) I still strongly encourage you to use a router simply for the firewall capabilities. Given that a router costs around $80 - $150, this is relatively cheap for a device which provides network security, considering that to purchase a software-based firewall you may be faced with paying that amount each year to subscribe to the software.

Even though you are running a hardware-based router firewall, it is still a good idea to run some firewall software on each computer. This is important in case a threat is present on your internal network that did not originate from the internet. For example, if you plug-in a virus infected USB into a computer on your internal network and (for one reason or another) the virus scanner on that computer does not detect and remove the threat (perhaps because it’s a brand new virus, known as a zero-day exploit) then if you are not running firewall software on each computer there is potentially nothing stopping that threat from spreading. Since the likelihood of this happening is less than the risk of infections from the internet (if you were not running a hardware-based firewall) I suggest that the in-built Windows Firewall is good enough for this purpose. It always is a trade-off between security and system performance, as the more “industrial-strength” the software firewall becomes, the more impacting it will be on system performance. However, the additive security of running both a broadband router and software-based firewall on each computer is a good combination.

However, it should be noted that neither a broadband router, nor the Windows Firewall, will provide outbound firewall protection. Many years ago I recommended various firewall packages which provide outbound protection, essentially asking the user for permission before allowing programs on your computer to send traffic over the internet. While this was a good idea 10 years ago when we still used dial-up internet, the prevalence of broadband internet has somewhat reduced the usefulness. This is because most programs now expect to have internet access to download either internet based content or update themselves, whereas many legacy programs were not designed with the need for internet access. Therefore it is likely with an outbound firewall you will be regularly prompted asking whether particular programs should access the internet, and eventually will just start agreeing to everything since it becomes such a regular occurrence. While some argue that outbound firewalls are still a good idea, if you keep your computer clean of viruses (by taking the appropriate cautionary measures, such as run antivirus software), and ensure that you only install known legitimate software on your computer, then you should be fairly safe.

On the topic of only installing known legitimate software, ensure that anything you download from the internet and install is from legitimate sources, such as the original software developers’ website. If you download and install software from other sources of doubtful reputation then it is possible that your computer could be infected with some kind of malware. While the antivirus software on your computer should pick-up such issues, it cannot detect every threat with 100% certainty and anyway it is always better to have prevention rather than cure.

In summary, my recommended setup for a standard home computer would be a broadband router (providing hardware-based firewall functionality on the internet connection) combined with the Windows Firewall being enabled on each individual computer plus the installation of an antivirus package such as Microsoft Security Essentials or ESET NOD32 Antivirus. This will go a long way towards protecting your computer against threats while also keeping a minimal footprint so that system performance is not adversely affected.